internal static void ExecuteWebServiceCall(HttpContext context, WebServiceMethodData methodData) { try { NamedPermissionSet s_permissionSet = HttpRuntime.NamedPermissionSet; if (s_permissionSet != null) { s_permissionSet.PermitOnly(); } // Deserialize the javascript request body IDictionary <string, object> rawParams = GetRawParams(methodData, context); InvokeMethod(context, methodData, rawParams); } catch (Exception ex) { WriteExceptionJsonString(context, ex); } }
private static Action <Action> GetCallInAppTrustThunk() { // do we need to create the thunk? if (_callInAppTrustThunk == null) { try { if (!typeof(SecurityUtil).Assembly.IsFullyTrusted || /* bin-deployed */ AppDomain.CurrentDomain.IsHomogenous /* .NET 4 CAS model */) { // we're already running in the application's trust level, so nothing to do _callInAppTrustThunk = f => f(); } else { // legacy CAS model - need to lower own permission level to be compatible with legacy systems // This is essentially the same logic as Page.ProcessRequest(HttpContext) NamedPermissionSet namedPermissionSet = (NamedPermissionSet)typeof(HttpRuntime).GetProperty("NamedPermissionSet", BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Static).GetValue(null, null); bool disableProcessRequestInApplicationTrust = (bool)typeof(HttpRuntime).GetProperty("DisableProcessRequestInApplicationTrust", BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Static).GetValue(null, null); if (namedPermissionSet != null && !disableProcessRequestInApplicationTrust) { _callInAppTrustThunk = f => { // lower permissions namedPermissionSet.PermitOnly(); f(); }; } else { // application's trust level is FullTrust, so nothing to do _callInAppTrustThunk = f => f(); } } } catch { // MVC assembly is already running in application trust, so swallow exceptions } } // if there was an error, just process transparently return(_callInAppTrustThunk ?? (Action <Action>)(f => f())); }